A Major Security Flaw Has Been Revealed in Android’s Full Disk Encryption

A Major Security Flaw Has Been Revealed in Android’s Full Disk Encryption

Apple iOS and Android both provide FDE (Full Disk Encryption) which lets you protect the contents of your phone with a password lock. But the thing is, that feature is rarely used by Android users as it slows the phone down and makes it run slower. This is also because it's much harder to enable encryption on Android devices and there's no hardware for encryption or decryption where as its built into iOS devices. As an iOS user all you need to do is turn on passcode lock and encrypt your data with it which all takes place in the background.

However you have to do this manually on Android devices and it makes the device run much much slower. Because of this increased difficulty and difference in speed, a lot of Android users don't even bother to use encryption. Sure their phones will run a little faster but they're basically sacrificing security for speed.

That's because of a huge design flaw in the way Qualcomm chips are used in Android devices to handle the encryption keys. There is no hardware that can protect passwords from being bypassed like there is for iOS devices making the Android keys vulnerable to attack by cyber criminals.

Patched but not for everyone.

This particular vulnerability has now been patched by Qualcomm and Google but a massive 37% of Android devices will never receive the patch. This is because that many of those OS's will never be updated making them vulnerable to the attack which is very easy to execute do to software that is readily available online. And even though Qualcomm and Google have now patched this particular security hole, the issue still remains in that Android devices don't have dedicated hardware to protect passwords with.

Basically, it makes it easy for a cyber criminal to develop a software that can effectively roll back the the OS version running on that device to one that doesn't have the patch. However right now these kind of hacks can't be found easily in the wild so for now, your Android devices FDE is secure.

Android - the most bullied OS of them all.

Because of the way that Android devices work and how 3rd party manufacturers can say how passwords are stored on them, there are a number of companies that could potentially hack into an Android device. Only Apple can update its OS firmware into iOS devices. But devices running on Google, Samsung, HTC, Motorola, LG, Qualcomm, and many other devices are easily cracked. It doesn't matter what version of software is running on the Android device, it will always be much less secure than an iOS device.

So how to protect your Android devices data?

The best and most secure way of encrypting your Android devices data is to encrypt it separately using a 3rd party app which will encrypt the files on your device. Then, even if the entire disk is decrypted by a cyber criminal or hacker, and even if the hack can make your device vulnerable to cyber criminals and hackers, it still provides an extra layer of security that would have to be hacked and bypassed which wouldn't be an easy task if that app is using a secure SHA2 like algorithm along with a strong hashed and salted password.

This kind of technique is the standard but for storing highly secure information and top secret details on your Android device you should take this extra step to make sue you research and find out all about the app you're using to protect and secure your devices stored data. Quite simply the best way to encrypt your Android devices data would be to do so on a different device like a MAC or another iOS device.

My conclussion? While Android is very open to do more on it than you can other mobile OS's, it also makes it very open and vulnerable to these sorts of things. So if you're using an Android device you might not want to use it for securing really important information.